
Makers of MOVEit file transfer app report new flaws in its FTP software, exploitation under way

An Australian cyber security company has helped find a raft of new vulnerabilities in Progress Software’s WS_FTP Server application.

David Hollingworth
Tue, 03 Oct 2023

The eight new CVEs range in severity from three medium-grade vulnerabilities, all the way up to a single 10-out-of-10 critical flaw in the software’s Ad Hoc Transfer module that allows the remote execution of commands.

Shubham Shah and Sean Yeoh of Assetnote found the critical flaw, as credited by Progress Software on 29 September, while Cristian Mocanu of Deloitte discovered the rest, which all allow for some form of unauthorised access or execution of malicious payloads.

Here is the complete list of CVEs and their ratings:


CVE-2023-40044 - Critical
CVE-2023-42657 - Critical
CVE-2023-40045 - High
CVE-2023-40046 - High
CVE-2023-40047 - High
CVE-2023-40048 - Medium
CVE-2022-27665 - Medium
CVE-2023-40049 - Medium

Progress Software is currently recommending that all its customers upgrade to the latest versions of the software, WS_FTP Server 2020.0.4 (8.7.4) and WS_FTP Server 2022.0.2 (8.8.2), which can be found here.

“We have addressed the vulnerabilities above, and the Progress WS_FTP team strongly recommends performing an upgrade to one of the fixed version listed,” the company said in an advisory. “We do recommend upgrading to the most highest version, which is 8.8.2.”

Unfortunately, researchers at Rapid7 have reported “multiple instances of WS_FTP exploitation in the wild”.

“The process execution chain looks the same across all observed instances, indicating possible mass exploitation of vulnerable WS_FTP servers,” Rapid7 went on to say in a blog post last updated on 2 October.

“Additionally, our MDR team has observed the same Burpsuite domain used across all incidents, which may point to a single threat actor behind the activity we’ve seen.”

The Clop ransomware gang was behind the original MOVEit breach back in May and June of 2023. Since the initial breach, more than two thousand organisations around the world have been impacted, totalling more than 60 million individuals, according to tracking by KonBriefing Research.

Australian victims of the MOVEit hack include PwC, Medibank, and gaming company Aristocrat.

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
